diff --git a/AWS/README.md b/AWS/README.md
index a3f2531..6139d08 100644
--- a/AWS/README.md
+++ b/AWS/README.md
@@ -1,5 +1,5 @@ # AWS Templates -AWS templates will help onboard applications with application security integration. Fortify platform support AWS Codestar services so DevOps teams will be able to directly leverage these templates as part of pipeline automation. AWS CodeStar service supports Continious Delivery using their own defined YML files during build and release. +AWS templates will help onboard applications with application security integration. Fortify platform support AWS CodeBuild services so DevOps teams will be able to directly leverage these templates as part of pipeline automation. AWS CodeBuild service supports Continious Delivery using their own defined YML files during build and release. 1. BuildSpec.yml : This template used to build and generate artifacts using AWS managed services. It depicts the CI process in DevSecOps framework.
@@ -7,7 +7,7 @@ AWS templates will help onboard applications with application security integrati 2. AppSpec.yml : This template used to deploy the artifacts generated by the CI process. It depicts the CD process in DevSecOps framework. -## Integrating Fortify with AWS CodeStar +## Integrating Fortify with AWS CodeBuild Integrating Fortify with CI process is fairly simple pull and push switch using the templates given in the above folders. Fortify can be integrated using below steps. 1. Identify your Fortify solution (Fortify on-premises or Fortify on Demand)
diff --git a/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify-sast-fod-buildspec.yml b/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify-sast-fod-buildspec.yml
index 472422e..39bd315 100644
--- a/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify-sast-fod-buildspec.yml
+++ b/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify-sast-fod-buildspec.yml
@@ -19,6 +19,10 @@ phases:
 - echo "Entered the build phase..."
 - Region = ${AWS_REGION}
 - Account_Id = $(echo $CODEBUILD_BUILD_ARN | cut -f5 -d ':')
+ - export FCLI_DEFAULT_FOD_URL=$FOD_URL
+ - export FCLI_DEFAULT_FOD_USER=$FOD_USER
+ - export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT
+ - export FCLI_DEFAULT_FOD_TENANT=$FOD_TENANT
 - docker run --rm -v $PWD:/data fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && scancentral package -bt mvn -o package.zip -oss"
 - docker run --rm -v $PWD:/data fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && export FCLI_DEFAULT_FOD_URL=$FOD_URL && export FCLI_DEFAULT_FOD_USER=$FOD_USER && export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT && export FCLI_DEFAULT_FOD_TENANT=$FOD_TENANT && fcli fod session login && fcli fod sast start --release=$FOD_RELEASE_ID --file=package.zip --remediation=NonRemediationScanOnly && fcli fod session logout"
 - docker run --rm -u $(id -u):$(id -g) -v $PWD:/data -e FCLI_DEFAULT_FOD_URL -e FCLI_DEFAULT_FOD_USER -e FCLI_DEFAULT_FOD_PASSWORD -e FCLI_DEFAULT_FOD_TENANT fortifydocker/fcli:2.7.0 fcli fod session login
diff --git a/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml b/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml
index 0382afc..8b216d7 100644
--- a/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml
+++ b/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml
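Review bot: With the four new `export FCLI_DEFAULT_FOD_*` lines in place, the second `docker run` step still re-exports the same values inside its `sh -c` string, so the expanded `$FOD_PAT` becomes part of the docker command line, where it is readable via `ps` on the build host and, if CodeBuild echoes each command into the build log as I believe it does, in the log as well. The third step already shows the safer form, passing the variables through by name with `-e FCLI_DEFAULT_FOD_PASSWORD` and no value, and the scan step should do the same: `docker run --rm -v $PWD:/data -e FCLI_DEFAULT_FOD_URL -e FCLI_DEFAULT_FOD_USER -e FCLI_DEFAULT_FOD_PASSWORD -e FCLI_DEFAULT_FOD_TENANT fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && fcli fod session login && fcli fod sast start --release=$FOD_RELEASE_ID --file=package.zip --remediation=NonRemediationScanOnly && fcli fod session logout"`. The same inline-export pattern survives in the matching build-phase hunk of fortify_sast_fod_cloudformation_template.yaml. Separately, this file keeps `Region = ${AWS_REGION}` and `Account_Id = $(...)` with spaces around `=`, which the shell treats as invocations of commands named `Region` and `Account_Id` rather than assignments (a non-zero exit there would fail the build phase); the CloudFormation hunk fixes its copy, but the buildspec copy is left as is.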
@@ -260,8 +260,12 @@ Resources:
 commands:
 - echo "Entered the build phase..."
 - fod_uploader_opts='-ep 2 -pp 0 -I 1 -apf'
- - Region = ${AWS_REGION}
- - Account_Id = $(echo $CODEBUILD_BUILD_ARN | cut -f5 -d ':')
+ - Region='${AWS::Region}'
+ - Account_Id=$(echo $CODEBUILD_BUILD_ARN | cut -f5 -d ':')
+ - export FCLI_DEFAULT_FOD_URL=$FOD_URL
+ - export FCLI_DEFAULT_FOD_USER=$FOD_USER
+ - export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT
+ - export FCLI_DEFAULT_FOD_TENANT=$FOD_TENANT
 - docker run --rm -v $PWD:/data fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && scancentral package -bt mvn -o package.zip -oss"
 - docker run --rm -v $PWD:/data fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && export FCLI_DEFAULT_FOD_URL=$FOD_URL && export FCLI_DEFAULT_FOD_USER=$FOD_USER && export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT && export FCLI_DEFAULT_FOD_TENANT=$FOD_TENANT && fcli fod session login && fcli fod sast start --release=$FOD_RELEASE_ID --file=package.zip --remediation=NonRemediationScanOnly && fcli fod session logout"
 - docker run --rm -u $(id -u):$(id -g) -v $PWD:/data -e FCLI_DEFAULT_FOD_URL -e FCLI_DEFAULT_FOD_USER -e FCLI_DEFAULT_FOD_PASSWORD -e FCLI_DEFAULT_FOD_TENANT fortifydocker/fcli:2.7.0 fcli fod session login
@@ -383,7 +387,7 @@ Resources:
 # FunctionName: lambda_function
 Handler: index.lambda_handler
 Role : !GetAtt CleanupBucketOnDeleteLambdaRole.Arn
- Runtime: python3.7
+ Runtime: python3.11
 MemorySize: 128
 Timeout: 60
 #### Custom Lambda function for Fortify Parser
diff --git a/README.md b/README.md
index 33529d0..38e8c07 100644
--- a/README.md
+++ b/README.md
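Review bot: The new `export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT` line makes `FOD_PAT` the credential every later step relies on, but where the CodeBuild project defines `FOD_PAT` is outside this hunk; in a CloudFormation-managed `AWS::CodeBuild::Project` it should be declared under `EnvironmentVariables` with `Type: SECRETS_MANAGER` or `Type: PARAMETER_STORE` rather than the default `PLAINTEXT`, otherwise the token sits in the template and is readable through the CodeBuild console and API. A comment on the export line such as `# FOD_PAT must come from Secrets Manager / Parameter Store, never a PLAINTEXT variable` would make that expectation explicit. Also, `Region='${AWS::Region}'` is only substituted if this inline buildspec is wrapped in `!Sub`, which I cannot confirm from the hunk; if it is not, the literal string `${AWS::Region}` reaches the shell. The enclosing BuildSpec block starts outside the hunk.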
@@ -13,8 +13,7 @@ Modern software delivery is synonymous with DevSecOps, meanwhile Software portfolios are in the midst of Cloud Transformation spanning cloud native, to lift-and-shift, and everything in between. Security must keep pace with the ‘everything-as-code’ era to transition from point of friction to enablement, without sacrificing quality. Fortify offers end-to-end application security solutions with the flexibility of testing on-premises and on-demand to scale and cover the entire software development lifecycle. Fortify integrates into your existing development toolchain seamlessly, giving you the highest quality findings and remediation advice during every stage, creating more secure software. With Fortify, you don’t need to trade quality of results for speed. -This project provides developers a collection of reference templates and implementations to enable seamless integration of Fortify tools with cloud native development. The entire project consist of pipeline as code and automated scripts to help integrate Foritfy in different public cloud providers such as Azure DevOps, AWS CodeStar, Google Cloud Platform and Oracle Cloud Infrastructure. In order to support developers and application security teams, we have created a templates which could help integrate Fortify static application security testing (SAST) and dynamic application security testing (DAST) into CI/CD pipelines faster and helps applications onboard faster. - +This project provides developers a collection of reference templates and implementations to enable seamless integration of Fortify tools with cloud native development. The entire project consist of pipeline as code and automated scripts to help integrate Foritfy in different public cloud providers such as Azure DevOps, AWS CodeBuild, Google Cloud Platform and Oracle Cloud Infrastructure. 
In order to support developers and application security teams, we have created a templates which could help integrate Fortify static application security testing (SAST) and dynamic application security testing (DAST) into CI/CD pipelines faster and helps applications onboard faster.